﻿using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.OData.Query;

namespace Devonline.Identity.Admin.Controllers;

[Route("api/[controller]")]
[ApiController]
[SecurityHeaders]
[Authorize(Roles = GROUP_MAINTAINERS)]
public class AccessRulesController : ControllerBase
{
    private readonly IDataService<IdentityDbContext, AccessRule> _dataService;
    public AccessRulesController(IDataService<IdentityDbContext, AccessRule> dataService) => _dataService = dataService;

    [HttpGet, EnableQuery]
    public IActionResult Get() => Ok(_dataService.GetQueryable());

    [HttpPost]
    public async Task<IActionResult> CreateAsync(AccessRuleViewModel entitySet) => Ok(await _dataService.AddAsync(entitySet));

    [HttpPut]
    public async Task<IActionResult> UpdateAsync(AccessRuleViewModel entitySet) => Ok(await _dataService.UpdateAsync(entitySet));

    [HttpDelete("{id}")]
    public async Task<IActionResult> DeleteAsync(string id)
    {
        await _dataService.DeleteAsync(id);
        return Ok();
    }
}